fix: harden login for MLPS requirements
This commit is contained in:
@@ -9,8 +9,10 @@ import (
|
||||
)
|
||||
|
||||
type loginRequest struct {
|
||||
Username string `json:"username" binding:"required"`
|
||||
Password string `json:"password" binding:"required"`
|
||||
Username string `json:"username" binding:"required"`
|
||||
Password string `json:"password"`
|
||||
EncryptedPassword string `json:"encrypted_password"`
|
||||
PasswordKeyID string `json:"password_key_id"`
|
||||
}
|
||||
|
||||
type loginResponse struct {
|
||||
@@ -28,11 +30,13 @@ func loginHandler(svc *app.AuthService) gin.HandlerFunc {
|
||||
}
|
||||
|
||||
result, err := svc.Login(c.Request.Context(), app.LoginInput{
|
||||
Username: body.Username,
|
||||
Password: body.Password,
|
||||
IP: c.ClientIP(),
|
||||
UserAgent: c.Request.UserAgent(),
|
||||
RequestID: middleware.RequestIDFromGin(c),
|
||||
Username: body.Username,
|
||||
Password: body.Password,
|
||||
EncryptedPassword: body.EncryptedPassword,
|
||||
PasswordKeyID: body.PasswordKeyID,
|
||||
IP: c.ClientIP(),
|
||||
UserAgent: c.Request.UserAgent(),
|
||||
RequestID: middleware.RequestIDFromGin(c),
|
||||
})
|
||||
if err != nil {
|
||||
response.Error(c, err)
|
||||
@@ -47,6 +51,17 @@ func loginHandler(svc *app.AuthService) gin.HandlerFunc {
|
||||
}
|
||||
}
|
||||
|
||||
func passwordPublicKeyHandler(svc *app.AuthService) gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
key := svc.PasswordPublicKey()
|
||||
if key == nil {
|
||||
response.Error(c, response.ErrNotFound(40420, "password_cipher_disabled", "password cipher is disabled"))
|
||||
return
|
||||
}
|
||||
response.Success(c, key)
|
||||
}
|
||||
}
|
||||
|
||||
func meHandler(accounts *app.AccountService) gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
actor := actorFromGin(c)
|
||||
|
||||
Reference in New Issue
Block a user